CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 12557
Critical: 848
High: 3598
Medium: 3936

| CVE ID | Severity | Score | Description | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-7138 | CRITICAL | 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation … | Apr 27, 2026 |
| CVE-2026-7137 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 27, 2026 |
| CVE-2026-7136 | CRITICAL | 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI … | Apr 27, 2026 |
| CVE-2026-7135 | MEDIUM | 5.3 | A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the … | Apr 27, 2026 |
| CVE-2026-7134 | MEDIUM | 4.7 | A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-6970 | UNKNOWN | | authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary … | Apr 27, 2026 |
| CVE-2026-41467 | MEDIUM | 5.4 | ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and … | Apr 27, 2026 |
| CVE-2026-41466 | MEDIUM | 5.4 | ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by … | Apr 27, 2026 |
| CVE-2026-41465 | MEDIUM | 6.5 | ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against … | Apr 27, 2026 |
| CVE-2026-41464 | MEDIUM | 6.5 | ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data … | Apr 27, 2026 |
| CVE-2026-41463 | HIGH | 8.8 | ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write … | Apr 27, 2026 |
| CVE-2026-41462 | CRITICAL | 9.8 | ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL … | Apr 27, 2026 |
| CVE-2026-30352 | CRITICAL | 9.8 | A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted … | Apr 27, 2026 |
| CVE-2026-30351 | HIGH | 7.5 | A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing … | Apr 27, 2026 |
| CVE-2025-54505 | UNKNOWN | | A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in … | Apr 27, 2026 |
| CVE-2026-7133 | MEDIUM | 4.7 | A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7132 | MEDIUM | 5.3 | A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of … | Apr 27, 2026 |
| CVE-2026-7131 | HIGH | 7.3 | A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. … | Apr 27, 2026 |
| CVE-2026-6357 | UNKNOWN | | pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python module names. These module imports were … | Apr 27, 2026 |
| CVE-2026-6337 | UNKNOWN | | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 27, 2026 |
| CVE-2026-40514 | MEDIUM | 5.9 | SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization … | Apr 27, 2026 |
| CVE-2026-30350 | HIGH | 7.5 | An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST … | Apr 27, 2026 |
| CVE-2026-7130 | HIGH | 7.3 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_category. Executing … | Apr 27, 2026 |
| CVE-2026-7129 | MEDIUM | 4.3 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of … | Apr 27, 2026 |
| CVE-2026-7128 | HIGH | 7.3 | A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such … | Apr 27, 2026 |